!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/cvc/application/views/version/   drwxr-xr-x
Free 50.41 GB of 127.8 GB (39.45%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_cli_upd.php (5.55 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<script language="javascript">
    /*jQuery(document).ready(function(){
    
        jQuery(":checkbox[class^='chkUpd']").bind('click',function(){
            
            var objClass = jQuery(this).attr("class");
            jQuery("."+objClass).attr("checked",this.checked);
            var num = jQuery(":checked[class^='chkUpd']").length;
            if( num <= 0)
                jQuery("#btnSubmit").attr("disabled","disabled");
            else
                jQuery("#btnSubmit").attr("disabled","");
        });
    });*/
    
    function chkSelectBySysID(sysid,flag){
            jQuery(":checkbox[class^='chkUpd_"+sysid+"']").attr("checked",$('#chkheader_'+sysid).is(':checked'));

            var num = jQuery(":checked[class^='chkUpd']").length;
            if(num <= 0)
                jQuery("#btnSubmit").attr("disabled","disabled");
            else
                jQuery("#btnSubmit").attr("disabled","");
    }

    function chkSelect(target,flag){
        jQuery(":checkbox[class^='"+target+"']").attr("checked",flag);
        if(flag == 0)
            jQuery("#btnSubmit").attr("disabled","disabled");
        else
            jQuery("#btnSubmit").attr("disabled","");
    }
</script>
    <div class='ver_center' style="font-weight:bold;margin:10px auto;font-size:18px;"><?php echo isset($tb_header)?$tb_header:'';?></div>
    <?php
        if(isset($flag_upd) && $flag_upd ==1)
            echo form_open($this->config->item('ver_folder').'ver_client/process_query');
    ?>
    <table class="ver_table" style="width:100%;">
    <?php
        if(isset($flag_upd) && $flag_upd ==1)
        {
    ?>
        <col/>
    <?php
        }
    ?>
        <col style="width:8%;"/>
        <col style="width:15%;"/>
        <col/>
        <col style="width:15%;"/>
        <col style="width:15%;"/>
        <col style="width:15%;"/>
        <thead>
            <tr>
            <?php
                $num_col 6;
                if(isset($flag_upd) && $flag_upd ==1)
                {
                    $num_col 7;
            ?>
                <th></th>
            <?php
                }
            ?>
                <th>ลำดับที่</th>
                <th>วันที่อัพเดท</th>
                <th>คำอธิบาย</th>
                <th>ชนิดคำสั่ง</th>
                <th>สถานะการอัพเดท</th>
                <th>รายละเอียด</th>
            </tr>
        </thead>
        <tbody>
        <?php
            if(isset($rs_udt) && $rs_udt->num_rows())
            {
                $sys_id '';
                foreach($rs_udt->result() as $row)
                {
                    if($sys_id != $row->csys_id)
                    {
                        $sys_id $row->csys_id;
        ?>
            <tr>
                <td colspan="<?php echo $num_col;?>" style="text-align:left;font-weight:bold;">
                <?php
                    if(isset($flag_upd) && $flag_upd ==1)
                    {
                ?>
                    <!--<input type="checkbox" name="chkheader[]" class="chkUpd_<?php echo $sys_id;?>" value="<?php echo $sys_id;?>" />&nbsp;&nbsp;-->
                    <input type="checkbox" name="chkheader[]" id="chkheader_<?php echo $sys_id;?>" class="chkUpd_<?php echo $sys_id;?>" value="<?php echo $sys_id;?>"  onclick="chkSelectBySysID(<?=$sys_id?>)"/>&nbsp;&nbsp;
                <?php
                    }
                    echo $row->csys_th_name;?>
                </td>
            </tr>
        <?php
                    }
        ?>
            <tr>
        <?php
                    if(isset($flag_upd) && $flag_upd ==1)
                    {
        ?>
                <!--<td style="text-align:center;"><input type="checkbox" name="chkUpd[]" class="chkUpd_<?php echo $sys_id;?>" value="<?php echo $row->udt_id;?>"/></td>-->
                <td style="text-align:center;"><input type="checkbox" name="chkUpd[]" class="chkUpd_<?php echo $sys_id;?>" value="<?php echo $row->udt_id;?>"/></td>
        <?php
                    }
        ?>
                <td style="text-align:center;"><?php echo $row->udt_tx_id;?></td>
                <td><?php echo abbreDate(splitDateDb2($row->udt_date)).' '.$row->udt_time;?></td>
                <td style="text-align:left;"><?php echo $row->udt_tx_describe;?></td>
                <td style="text-align:center;"><?php echo $row->udt_tx_opt;?></td>
                <td style="text-align:center;">
                <?php 
                    if(strtolower($row->udt_status)=='u')
                    {
                ?>
                <img src="<?php echo base_url().$this->config->item('ver_pic_cp');?>" title="อัพเดทเสร็จสิ้น" alt="อัพเดทเสร็จสิ้น" width="16" height="16" />
                <?php
                    }
                    else
                    {
                ?>
                <img src="<?php echo base_url().$this->config->item('ver_no_db');?>" title="ยังไม่ได้อัพเดท" alt="ยังไม่ได้อัพเดท" width="16" height="16" />
                <?php
                    }
                ?>
                </td>
                <td style="text-align:center;">
                <?php 
                    $title  "รายละเอียดคำสั่ง";
                    $pop_url site_url($this->config->item('ver_folder').'ver_client/detail_query');
                    echo anchor('#',"<img src=\"".base_url().$this->config->item('ver_pic_view')."\" class=\"noborder preventDf\" width=\"16\" height=\"16\" alt=\"".$title."\" title=\"".$title."\" onclick=\"sendPost('frmPopup',{'udt_id':'".$row->udt_id."'},'".$pop_url."',{})\" />");        
                ?>
                </td>
            </tr>
        <?php
                }
            }
        ?>
        </tbody>
    </table>
        <?php
            if(isset($flag_upd) && $flag_upd ==1)
            {
        ?>
    <div>
        <input type="button" name="btnChkAll" id="btnChkAll" value="เลือกทั้งหมด" onclick="chkSelect('chkUpd',1)"/>
        <input type="button" name="btnUnChkAll" id="btnChkAll" value="ไม่เลือกทั้งหมด" onclick="chkSelect('chkUpd',0)"/>
    </div>
        <?php
            }
            if(isset($limit))
            {
        ?>
    <div style="text-align:right;margin-top:20px;">
        <?php
            echo anchor($this->config->item('ver_folder').'ver_client/show_update',"<img src=\"".base_url().$this->config->item('ver_pic_view')."\" class=\"noborder\" width=\"16\" height=\"16\" />ดูประวัติการเปลี่ยนแปลงข้อมูลพื้นฐานกลางทั้งหมด","");
        ?>
    </div>
        <?php
            }
        ?>

<?php
    if(isset($flag_upd) && $flag_upd ==1)
    {
?>
    <div style="text-align:center;"><input type="submit" name="btnSubmit" id="btnSubmit" value="อัพเดทข้อมูล" disabled="disabled"/></div>
<?php
        echo form_close();
    }
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]--